This is how it happened (From my own experience): 1. They got your password. 2. They contacted Jagex, saying they forgot what email was used to login to the account. With enough information (Not much for iron men since quite new accounts) they'll give it to you. 3. They waited days, weeks, maybe months. 4. They contacted Jagex again, saying the email address that was used to create the account has been compromised and you'd like to get your password changed. 5. If successful, jagex sends you the links to a new email address you provided, but also sends them to the old one. Aaaand, that's how they never have to login to your email.
+Ash Ketchum I believe they call that "social engineering" where they pretend to be somebody else and talk there way into getting crucial account info from the company.
This is how someone stole my alt account they found out the password then sent jagex a recovery and pretty much said they've lost access to the email and jagex handed it over pretty damn easily maybe they should start using photo identification
+Atomiicstarr i don't play WoW anymore, but they would ask you to scan in your photo ID when recovering an account and it seemed to work for me. it was a easy recovery method, took like 2 days. so photo ID is always good in my book.
+Velosofy Try doing that in gmail. Your email will show up as unread but will not have a "NEW" tag near it (as seen in the video). "NEW" tag appears only when you first see the mail (you don't have to read it). It was never seen by anyone. What's the point in that anyway? Still got no "Your password has been reset" mail either. Did they delete one email and marked the other one as unread?
So you got phished, phishing basically consists in creating a fake site like facebook, runescape, amazon etc... and then it puts that you need to log in, when you do it the information is send it to the phisher (call them a hacker would be an insult to hackers).
+pablo loquencio Not really. The idea behind the video is that somehow someone, somewhere, changed his password without actually going through the password reset systems Jagex has in place.
Expand Dong Wasn't explaining to him, our lord and saviour A friend knows and haves in his brain all the content of internet. I was explaining just in case if someone doesn't know what is phishing at least they dont fall for it.
+pablo loquencio no. I NEVER used that email. Never logged in again after creating it. Last activity was 2014 october. You can't change pass without access to email.
I have seen a LOT of people on Reddit reporting situations very similar to this, and they are almost always downvoted, ignored, and told they need to be more careful what sites they enter their password on. I'm glad that someone with credibility has finally made a video demonstrating this issue.
+Devan Slone Ok look at it like this, which is worse losing real money or having your email hacked that was used for nothing but a runescape account hackers think that same way they look to do the most damage with the least possibility to get charged with anything major and tracking hackers down takes about 5 minutes for a website admin you just find there ip adress then find all the accounts used on that ip adress and follow where the money was sent also if you hack Paypal accounts you don't even get the money because it is taken back from all the users it was sent to even putting them into debt to paypal
+Friender_Men Either are as bad, and neither can be punished if the hacker knows what he's doing. "You just find the IP" good luck finding the IP behind several proxies and fake adresses.
There is a perfect explanation for this. You go through an SMTP/POP3/IMAP client. You can view and send email without going through the web client or going to any google domain. With the POP3/IMAP protocol you can 'read' email, and get the messages without actually 'opening' them. You can also delete messages, which is what they did with the first 'your password has been reset' email. Source: Software engineer.
God I fucking use the fucking osb myself, but I'm starting to fucking think they can get people's fucking password very fucking easily. And it does sound quite fucking logical to me if you fucking think about it.
In Gmail there are options to delete emails, delete emails from trashbin, mark an email as not being read. Also there are ways to login/access emails without going through the website, kind of like your mail app on an Iphone. Except they can make the program for example not show up in the last logged ips or something similar.
A few weeks ago on steam there was a hidden website that was found that would allow people to send password reset requests and then it would send the requests out to email and the password would just be removed and no one could access the account until the password had been reset. So I'm thinking that someone has done something like this, they never actually accessed any of your stuff, or knew your passwords.
Couldn't he have just deleted the emails saying the password was reset, and then for the request to reset password one which was unread, marked it as unread so it would appear to be new? Is it possible he can somehow trick gmail into thinking he is logging into your email through your ip so that's why it didn't appear in your gmail login activity? I don't know much about hacking/whatever but that would be my guess
+Ryan S True, I was thinking that the "hacker" may of used a Reverse SOCKS Proxy with his IP, what that does is change the hackers IP to A Friend's IP so Gmail wouldn't notice unusual activity as there is no IP difference, but yeah he'd still appear on previously used.
I am very sorry to hear that this happened. A fellow runescape player who has entertained thousands of other runescape players being hacked? This is just not right. Of course it wouldn't be right to happen to anyone. I hope everything is going well now though. Keep grinding!
Lmfao, this also happened to me for 3.4b, happened to Rendual (IF Leader) for 6b, Radeh, Qlfy, and loads of others, recently heard that Sparze (Vr member) got hacked for 1b+ this morning, apparently these are some people from bugabuse going on a spree and somehow know how to disable authenticators as well, they somehow got into my account with my current password, didn't have my pin (proving i wasn't ratted, plus I left my account guthaning over night with pin entered, nobody hacked it, did this every night) and I was ddosed off of my account once I had the majority of shit in my invy... Jagex needs to properly look into this.
So why is it unbelievable that the 'hacker' managed to target you (a pretty famous youtuber) and only attacked one of your runescape accounts? [Then they can just delete the password change email, and click the 'keep new' button on the password request email]
***** Sorry, I meant to say 'unread'. But if I were the hacker, I'd just wanna mess with you -- see if I could maybe get you to make a video about my actions (which the hacker did). Then, once you are comfortable with your computer again and forgot about this whole incident, take your RUclips channel. Maybe they have been waiting for you to type a password into a certain website. Who knows. Wipe your computer.
+Terry The Tutor the mail was never read by anyone as it had a "new" tag near it. My pc is not infected as I never logged in to that email on current windows (last login 2014 oct. that's the only day when they could have gotten the password). Did they wait 11 months before acting?
***** No, you're right. The odds are they did not wait 11 months. They could of done any number of things to make that email appear new, though. Maybe click the recovery link twice (and only open and use and delete one of them). I'm not a Gmail expert, so I do not know how their activity thing works; but what if the hacker used their own email client to receive the emails on their end (just log in via POP3 -- all email providers allow this). Then, Gmail will claim that nobody has logged into the account, even though someone had been receiving the emails on another client. If the hacker never ACTUALLY logged into the Gmail, just their own mail client and connected to the Gmail servers, I see no reason for Gmail to say that you had any activity. You should still wipe your computer.
+Terry The Tutor no it doesn't work like that. If they were received on another client via Pop3 it would still say read as that should be server side NOT client side. Also wiping a PC is very over the top. If there is any infection there are plenty of free tools. Yes I said free. That will clean any malware / ransomware / adware / spyware / Trojans / keyloggers / rootkits. Majorgeeks is your home for all those ;)
There was also a similar issue with Steam where someone could attempt to change the password if they had the username and then bypass the link issued to get your current password then steal your stuff from there.
It's crazy just how good some of these nerd hackers are... They seem to be able to do the impossible... Some are just that good that within a few seconds they can hack into your phone/emails whatever (Not just Runescape related) and be gone without a trace. glad everything seems okay now. quite scary how advanced some hackers are getting.
As a programmer i may say: i can access your gmail without gmail client. Just with simple SMTP commands. I can read contents of emails without flagging them as "red" and as of confirm mail that did not apper twice? he might delete it. Last activity in gmail is registred via gmail client. When i use basic SMTP functions from shell... they wont be recorded. And no i didnt hax your mails and stuff :D just a programmer :)
+zivanni Simple test: connect to your gmail via smpt: yet no activity; list inbox folder: yet no activity; get contents of last email into a variable without flagging it: gmail has still not registred any activity; i did this test via PHP.
@A FriendI also had the exact same I was streaming so i was an easy target, got hacked like this identically for 6b. 2days later my friend who is also a streamer got hacked for 3b then today another guy who stakes got hacked for 1.2b. This is a chain reaction done by the same people be careful
+Jamie “Rendual” Hey rendual its me sparze, I got hacked for the 1.2b this morning while streaming, it has something to do with them having your loggign ID and t hey are able to change passwords via something not sure what. Jagex really needs to return us the money its disgusting..
Hey man. I had this exact same thing about two years ago. Got logged off while training, couldn't log back in. Contacted Jagex and they reset everything for me. I still have no clue as to what happened then, but the situation sounds exactly the same as yours.
a friend i recommend you setup authenticator on phone,what you will never use for internet,wifi,mobile-data..just get any cheap phone and never never again connect it with it internet
+A Friend believe it or not this happened to me aswell a while back near the start of OSRS i got ranger boots off of a clue and posted it in a popular fc in celebration dont recall which one but then not even 2 hours later i got logged off i didnt think anything about it because my internet was pretty shit so i thought it was a dc and since it was late i just went to bed next day my cash boots and all valuables were gone no email no nothing and my authenticator was on yet my password was different.
So either this dude found a way to actually go through your gmail without being traced, did it through twitter like you said, or Jagex has a security problem which this dude slipped past. In any case you should probably do a Malwarebytes scan and potentially an avast boot scan just to be sure.
+Free to Say (TJ) My last login was almost 1 year ago to that email so unless they waited almost 1 year to check their "keylog logs" it's not the case.
But I wasn't so lucky started from ground up and made sure that would never happen again good luck bud I've been playing since beta and never had issues up til recently also make sure ur all security measures are in place.
It's possible to send a password request query from the home screen of runescape. Seeing as your email was never accessed, it is VERY likely that someone guessed/somehow found out both your EMAIL (but not your emails password) and your in game accounts password. What happened is this: They found out your email, sent a password reset request in, but couldn't access your email, so they changed the password using the online account manager tools, because they somehow had access to your account. Did you happen to get a screenshot of the latest activity on your account? Consider asking Jagex on twitter, I'm sure they can find the IP of who logged in to you.
-They send recovery request to your email from account. -They then bruteforce the URL which looks like it would take a while but maybe only the last 9 digit id changes (and the rest depends on date/time). -They then change password from recovery url. That's it.
zivanni You don't bruteforce the PW, you bruteforce the URL. No limit on 404 html requests. He didn't get pinged back in his email cos he didn't click the hyperlink.
Never thought you could have been hacked, you are on the game so much and I would have thought that you have every security measure going for Runescape.
This could be a vulnerability on runescape's recovery system which could override certain headers in an email (such as adding a BCC), quite common on web applications.
I think +G Mail is correct. Basically, to request a password reset, they only need to know the runescape login (email or username) to ask for a password reset. They probably found it out somehow. Then one that happened, their server will respond to a URL where you can reset your password. Usually there's a generated token that has to be part of the URL (That's why the password reset links are always like something.domain/shitloadofrandomcharacters). Now if you can figure out how that token is generated, the person can simply access that URL, without needing to read the email. Now I don't know how did he figure out the algorithm for that. But most encryption algorithms have a distinguishable output. Once that's know, only the seed has to be found.
The same thing happened to me a few weeks ago. I'm a Computer Scientist and I know my shit when it comes to computers. I had two step verification on my emails and my password was changed, my Runescape account did not have two step verification at the time either because I thought my email security would have been fine. I'm the type of guy that uses virtual machines for stuff that I don't trust as well, plus I don't install loads of shit. On top of that I have good firewall, anti virus and anti malware on my computer. I use a VPN at all times and my email account used for my Runescape account is not signed up to anything. I had the same email as you, but somehow my password was changed for anybody to sign in to my hotmail account I need to accept a notification on my phone (Which I never did). Luckily for me, my account got locked when they tried to sign in, so I never lost my items. I'm not meaning to point fingers or anything, but I do have a theory as to how it happened, two days before I got hacked I decided to install OSbuddy because everybody uses it and I have heard good things about it, two days later that happens to me. Since then I have removed it and I restored backed to a restore point on my computer, and it has not happened since.
Don't over think it. The hacker simply sent a password reset email and then deleted that email afterwards. And about that last login was October thing, there probably is an incognito option in Gmail settings or something (idk tho, I don't use Gmail).
If I was a link breaker here's how I'd do it, I'd figure out the email for your account. It's the easiest step but needs to be mentioned, next you request the change and start using a URL generator with the parameters that RS uses in the URL they send you. Coders can go into the code for URL generators and figure out what the parameters are for that site and run a brute force URL generator where it basically tries to guess that correct sequence of letters and numbers that will be sent in your link and when it's successful they've reset your password. But because of the way the URL generator works if they need confirmation after clicking the link it won't know. So what probably happened was they used a program to guess the URL of the link they'd send you and so the password was changed, but they never confirmed after clicking the link so they didn't get the second email.
Sounds like a runescape exploit. Someone found a way to get the reset link without getting from the email. please don't comment "phished". relogging and phising is when hackers gain your info, and then use it to log in and change stuff. He provided proof that there was no logging in anywhere. The password was changed between runescape and the hacker, not through a friend.
something kinda similar just happened to me. I logged onto my main account and everything seemed normal at first(accept my obby cape was in inventory(account is not member anymore). I opened the bank and quickly realized my gp was gone. I checked my ge option because that's where most of my gp was and it was gone also. I didn't even realize when I first opened my bank it didn't ask me for my pin. I logged out then back in to see if I had any unread messages. (honestly scared at this point because I sell gp once in while and don't want to get banned) but I had none. I realized my pin has been turned off or de-activated. I check my email and theres nothing. At this point I am freaking out because no1... I mean no1 has heard my password or my pin before. I have 0 friends irl that plays runescape + I'm pretty much in the middle of nowhere. I am the only person that's ever on this computer. I am seriously in a mind fuck... I have no clue how this could have happened unless jagex has something to do with it?!
has anyone heard anything like this before? Someone would have to know my password + my bank pin then disable the pin for somereason then proceed to take just the gp in the bank, the the ge offers I had. I'm thinking this is some sort of bot or its jagex punishing me for rwt? But then again I have 0 messages on both email and account
SirGanja RipperTon Nah you wouldn't get a ban offence. Trust me i know. It's not apart of the banning/muting system to clear people's banks. Jmods do it manually. And, there's no way in hell a bank pin is gonna be deleted in less than a few hours or whatever, I'm pretty sure you log-in daily at least every other day. If you had a entered a wrong bank pin a few times and you chose the option to remove it,it will be removed when you enter the bank pin correctly. So my point is if a hacker got your information he'd need to know the bank pin or wait 3/7 days, but that didn't happen i'm assuming, the Bank pin just got deleted, which is why i'm saying it's by a Jmod.
bank pins can be deleted almost immediately if you know it, just by talking to the banker and and entering the pin settings (after entering the correct pin) if a jmod did clear the gp on my account because I did a little rwt, then it would be great if they would let me know. Instead I'm just paranoid not knowing whats going on :S but your information did lighten me up some so thanks :D I just hope it was a jmod and not a hacker
this happened to me today too, really caught me off guard and still has me confused, thankfully I was online when the hacker changed my password and my account locked up immediately but I have no clue how they got access to my account or my email.
If you log into an email through a POP client (a 3rd party email client, not through gmail's site) then account activity won't show up in gmail. That's how they accessed it without you knowing. As for how they got your password who knows, might have been the same as another site you were registered on which had the database hacked.
This has happened to be several times recently, I get random pass resets to my email and get DC from game. Support said no one else than me had logged into my account even tho the pass was changed. It's some new meta hacking that Jagex don't have a clue about.
Same thing happened to me a while back, took me 6 months to get the account back. Now I just 2-step everything possible. I'd 2-step the 2-step if I could.
The same happened to me around a month ago, I had authenticator enabled and my email was definitely not compromised. no password request was even sent. literally logged on one day and said my password was incorrect and jagex would not let me recover as apparently the person provided details of original ownership even tho I created my account, reddit, twitter and Facebook was of no help to recover so now I am without an account
The same thing happened to me a few years ago. The only difference was that it claimed my email was changed, even though multiple messages to Jagex confirmed that it hadnt. Short story long, its just that Jagex servers dun goofed
I had almost the exact same situation in early 2014. Got hacked, email showed no records of anyone else logging in, Jagex support claimed the password was reset using the email link and I'm not even a famous runescaper
This happened to one of my friends (who lost upwards to 3b) and it was the same situation, where his email got hacked and his account was tampered with. Is there something going on at jagex where people are starting to exploit security bugs?
RS community in a nutshell here boys. Kek. Do something with my life? I have been. Ever heard of leisure time? Probably not, as I assume you're a 16 year old little brat with nothing better to do then game-out and talk shit on the internet
Okay, lots of theories out there. Let me, as a computer scientist, tell you what I think happened. Believe it or not, its entirely possible to intercept emails. What the hacker probably did was find your email address, have the new password sent, and then they intercepted that email as it was going to google (or maybe it was pulled out of one of google's networks), and then they just used the password reset link. They didn't have to log into your email account. It is very possible, and actually pretty easy if you know how, to intercept things like emails. The only safeguard against that is encryption, and google doesn't use the best encryption techniques when it comes to emails, Jagex to an even lesser extent.
Something very similar to this happened to me about 2 months ago. The difference was that they accessed my pc by hacking my teamviewer. They then proceeded to access my email and reset my RS password and cleaned out my bank. My email and RS was the only websites they had accessed. Also the email that was sent to my gmail saying reset they had deleted and then cleared my trash folder so I wouldn't notice. This may be what happened with you on the email side of things. This hacker was only interested in my RS account. Had no interest in seeing if I had saved passwords to my banking or my paypal (which I do not)
It could be, that you got a Trojan on your computer. He logged you off of Runescape and then led you to a site that was LOOKING like runescape, but wasn't (or the input was changed or whatever...). Before that the hacker sent a request to change your password. So now when you access your Gmail, the Trojan knows your Gmail login and password. At this point he probably changed the password and deleted all unnecessary mails. What I am trying to say is, that there could still be that same Trojan on your PC and do the same thing again, just that now after this video the hacker knows, how you would react.
You can delete the confirmation e-mail and then mark the other one requesting the password change to "unread." However, the only thing standing out was the last time you had logged in.
You can actually read e-mail by not actually opening it. It's in the "Labs"(experimental) part of the Gmail. At least that's what it was called like 2+ years ago.
So basically, your email and runescape account were both hacked. The emails that confirmed your password reset was permanently deleted from the trash bin, the guy used a Reverse SSL proxy that made it so that it showed up as your device being used to access the email account. Also, you can get by without clicking on the email for the password reset link by just looking through the source codes from the web browser so it still showed up as "New" when you logged in.
I think the obvious answer to this is that they changed the password, then deleted the two messages sent to your Gmail and sent a second request to change your password that they didn't open in your Gmail. I couldn't think of any other answer so long as this wasn't some sort of glitch.
my guess is that they somehow accessed your gmail account indirectly, sort of like wire tapping for phones. so basically they request a password reset and see the link come in without actually logging into the email, then use it. it gets weird though again when there's no confirmation email. he would have had to somehow delete the confirmation email once again without getting into the account and maybe just hope that the reset request just looked like someone who failed in hacking your email. idk definitely "some illuminati shit" like you said. have you checked all of your other folders like trash/spam/junk?
I have done that before, I don't know about the no logs on GMAIL or something. But as of no email showing up. Since they had access to your gmail they could of easily deleted the email(s) so you wouldn't notice.
I got my Runescape account hacked once. They stole my Email first and then took RS account. Got RS account back with security questions and in game lost only zaryte bow and ranged armor i was using, thanks for bank pin. Had to make new email and change all information where i used old email. I had nothing important in stolen email, so nothing bad happened.
I actually got hacked this same way, but I ended up losing over 200m in goods and cash. Posted on forums and such trying to get jmods or somone to look into the trades that took place, but nothing was done. So gg me lol. Just added 2 step verification, changed all passes, and learned a lesson.
Someone must've figured a way to predict what links are sent in regards to resetting passwords. It's possible now someone is able to predict or has a machine that can predict the links Jagex sends to the email for resetting it. Sounds kindof bizarre, but anything is possible.
What if the hacker figured out some way to guess or determine the url included in the password reset email? This would almost account for the events that transpired, only it is strange that you didn't get an email that it had been reset. I suspect this is a problem with Jagex's security features, which allowed the hacker to reset your password without triggering that email.
![Blox Fruits Dragon Rework Update [Full Stream]](http://i.ytimg.com/vi/EqDAp8udhm0/mqdefault.jpg)
"This is some Illuminati shit." - A Friend 2K15
Lmao
+Jimmy M Iluminati Confirmed!
+Jimmy M HAHAHH
+Jimmy M BEST...LINE...EVER!!!
+Jimmy M A Friend is ILLUMINATI!!!
This is how it happened (From my own experience):
1. They got your password.
2. They contacted Jagex, saying they forgot what email was used to login to the account. With enough information (Not much for iron men since quite new accounts) they'll give it to you.
3. They waited days, weeks, maybe months.
4. They contacted Jagex again, saying the email address that was used to create the account has been compromised and you'd like to get your password changed.
5. If successful, jagex sends you the links to a new email address you provided, but also sends them to the old one.
Aaaand, that's how they never have to login to your email.
:3
You win m8
+Ash Ketchum I believe they call that "social engineering" where they pretend to be somebody else and talk there way into getting crucial account info from the company.
This is how someone stole my alt account they found out the password then sent jagex a recovery and pretty much said they've lost access to the email and jagex handed it over pretty damn easily maybe they should start using photo identification
+Atomiicstarr i don't play WoW anymore, but they would ask you to scan in your photo ID when recovering an account and it seemed to work for me. it was a easy recovery method, took like 2 days. so photo ID is always good in my book.
It was probably RSN: L3gendary
He really wanted 10m RS3
+bingahgread LOL you win the comments
+bingahgread dude idk why he banned him - everyone posts dumb comments and a lot of people loved/hated him
I enjoyed him lol
+Josh Stilwell He isnt banned look at his runeclan site he make 165k exp in this week and today over 1000
I meant wasnt legendary removed from the page?
ah
You know they can just mark the email as unread, so it shows as 'new' again.
+Velosofy beat me to it. this seems like the obvious answer
+Velosofy explain the last activity then
+Velosofy just tried, thats not how it works
+Velosofy Try doing that in gmail. Your email will show up as unread but will not have a "NEW" tag near it (as seen in the video). "NEW" tag appears only when you first see the mail (you don't have to read it). It was never seen by anyone.
What's the point in that anyway? Still got no "Your password has been reset" mail either. Did they delete one email and marked the other one as unread?
+A Friend pretty sure jmod is messing with ya lol.
So you got phished, phishing basically consists in creating a fake site like facebook, runescape, amazon etc... and then it puts that you need to log in, when you do it the information is send it to the phisher (call them a hacker would be an insult to hackers).
+pablo loquencio Not really. The idea behind the video is that somehow someone, somewhere, changed his password without actually going through the password reset systems Jagex has in place.
+pablo loquencio You don't need to explain what phishing is ... he already know of course
Expand Dong Wasn't explaining to him, our lord and saviour A friend knows and haves in his brain all the content of internet. I was explaining just in case if someone doesn't know what is phishing at least they dont fall for it.
+pablo loquencio no. I NEVER used that email. Never logged in again after creating it. Last activity was 2014 october. You can't change pass without access to email.
+A Friend The hacker wouldn't need access to your email if he works at jagex.
Hacks an ironman account, cant trade anything valuable to another account. Genius.
+SemperPravus You can drop trade all tradeables from iron man to regular.
+SemperPravus hell they can cancel his ironman in edge
Or maybe troll
+SemperPravus kill an ironman they drop everything.
+SemperPravus He can switch into a normal player then trade them :)
"this is some illuminati shit, i am telling you" - A friend
I have seen a LOT of people on Reddit reporting situations very similar to this, and they are almost always downvoted, ignored, and told they need to be more careful what sites they enter their password on. I'm glad that someone with credibility has finally made a video demonstrating this issue.
All these people saying RIP didn't listen to the video/read the description
I had the same thing happen a few months back, so you're not alone on this. I never found out what happened. So I'm glad I wasn't the only one.
id still run a virus scan, alot of people dont go for paypal accounts because if they get caught from that it is guaranteed jail time
+Devan Slone Ok look at it like this, which is worse losing real money or having your email hacked that was used for nothing but a runescape account hackers think that same way they look to do the most damage with the least possibility to get charged with anything major and tracking hackers down takes about 5 minutes for a website admin you just find there ip adress then find all the accounts used on that ip adress and follow where the money was sent also if you hack Paypal accounts you don't even get the money because it is taken back from all the users it was sent to even putting them into debt to paypal
+Friender_Men Either are as bad, and neither can be punished if the hacker knows what he's doing.
"You just find the IP" good luck finding the IP behind several proxies and fake adresses.
+ONION Macpoptartpants lol pretty easy to use a po box or send it to abandoned house/random ghetto place there is ways around everything bud
ONION Macpoptartpants You guys are forgetting that one can buy bitcoins that are then untraceable...
+RPGWizard96 and you are forgetting that you can still trace the paypal
There is a perfect explanation for this. You go through an SMTP/POP3/IMAP client. You can view and send email without going through the web client or going to any google domain. With the POP3/IMAP protocol you can 'read' email, and get the messages without actually 'opening' them. You can also delete messages, which is what they did with the first 'your password has been reset' email. Source: Software engineer.
I'm starting to have my doubts about osbuddy now...
+GodlikeCat What the fuck does osb have to do with his RS3 account getting hacked...?
God I fucking use the fucking osb myself, but I'm starting to fucking think they can get people's fucking password very fucking easily. And it does sound quite fucking logical to me if you fucking think about it.
+GodlikeCat uh.. sure.. doesn't sound logical to me but yeah man you do you
+GodlikeCat you know a jmod made osbuddy right?
+Ryan Crow Yeah, because Jmods are so trusted right? Moreso a previous bot client creator.
In Gmail there are options to delete emails, delete emails from trashbin, mark an email as not being read. Also there are ways to login/access emails without going through the website, kind of like your mail app on an Iphone. Except they can make the program for example not show up in the last logged ips or something similar.
Maybe A Friend saw a fake A Friend account in the comments and went to see the osrs closing poll
Derp
A few weeks ago on steam there was a hidden website that was found that would allow people to send password reset requests and then it would send the requests out to email and the password would just be removed and no one could access the account until the password had been reset. So I'm thinking that someone has done something like this, they never actually accessed any of your stuff, or knew your passwords.
Couldn't he have just deleted the emails saying the password was reset, and then for the request to reset password one which was unread, marked it as unread so it would appear to be new? Is it possible he can somehow trick gmail into thinking he is logging into your email through your ip so that's why it didn't appear in your gmail login activity? I don't know much about hacking/whatever but that would be my guess
+Todd Google stated that the account hasn't been used since last year. There would be no way to fool that.
***** good point
+Ryan S Not going through the web client.
hman That still shows up on previously used devices.
+Ryan S True, I was thinking that the "hacker" may of used a Reverse SOCKS Proxy with his IP, what that does is change the hackers IP to A Friend's IP so Gmail wouldn't notice unusual activity as there is no IP difference, but yeah he'd still appear on previously used.
Oh man I'm really glad you got your account back cause when I saw the new video notification saying you were hacked I panicked for You
It was probably bruteforced, it means they have a program which tries all kinds of different combinations
+Jonathan That seems like the right explanation, but that still doesn't explain the changing password e-mail that was sent to him. Still good thinking
+Jonathan Bruteforced on Rs? That would take years and probably you can't even do it.
***** bruteforcing the code that the email gave him
***** that is correct i thought of that later, it is weird.. Props to the hacker tbh
+Jonathan How did they know his email address to begin with? He only used it once and that was years ago.
I am very sorry to hear that this happened. A fellow runescape player who has entertained thousands of other runescape players being hacked?
This is just not right. Of course it wouldn't be right to happen to anyone. I hope everything is going well now though. Keep grinding!
Lmfao, this also happened to me for 3.4b, happened to Rendual (IF Leader) for 6b, Radeh, Qlfy, and loads of others, recently heard that Sparze (Vr member) got hacked for 1b+ this morning, apparently these are some people from bugabuse going on a spree and somehow know how to disable authenticators as well, they somehow got into my account with my current password, didn't have my pin (proving i wasn't ratted, plus I left my account guthaning over night with pin entered, nobody hacked it, did this every night) and I was ddosed off of my account once I had the majority of shit in my invy... Jagex needs to properly look into this.
Nice reacting and checking! Top notch to you A friend!
this has mod reach written all over it
love ur vids!! all of them!!
So why is it unbelievable that the 'hacker' managed to target you (a pretty famous youtuber) and only attacked one of your runescape accounts? [Then they can just delete the password change email, and click the 'keep new' button on the password request email]
+Terry The Tutor what purpose would that serve? Delete one unnecessary email but keep the other one? You can't mark an email as "new" only as unread.
***** Sorry, I meant to say 'unread'.
But if I were the hacker, I'd just wanna mess with you -- see if I could maybe get you to make a video about my actions (which the hacker did). Then, once you are comfortable with your computer again and forgot about this whole incident, take your RUclips channel.
Maybe they have been waiting for you to type a password into a certain website. Who knows.
Wipe your computer.
+Terry The Tutor the mail was never read by anyone as it had a "new" tag near it. My pc is not infected as I never logged in to that email on current windows (last login 2014 oct. that's the only day when they could have gotten the password). Did they wait 11 months before acting?
***** No, you're right. The odds are they did not wait 11 months. They could of done any number of things to make that email appear new, though. Maybe click the recovery link twice (and only open and use and delete one of them).
I'm not a Gmail expert, so I do not know how their activity thing works; but what if the hacker used their own email client to receive the emails on their end (just log in via POP3 -- all email providers allow this). Then, Gmail will claim that nobody has logged into the account, even though someone had been receiving the emails on another client. If the hacker never ACTUALLY logged into the Gmail, just their own mail client and connected to the Gmail servers, I see no reason for Gmail to say that you had any activity.
You should still wipe your computer.
+Terry The Tutor no it doesn't work like that. If they were received on another client via Pop3 it would still say read as that should be server side NOT client side.
Also wiping a PC is very over the top. If there is any infection there are plenty of free tools. Yes I said free. That will clean any malware / ransomware / adware / spyware / Trojans / keyloggers / rootkits.
Majorgeeks is your home for all those ;)
There was also a similar issue with Steam where someone could attempt to change the password if they had the username and then bypass the link issued to get your current password then steal your stuff from there.
10 hours of being hacked video coming soon?
It's crazy just how good some of these nerd hackers are... They seem to be able to do the impossible... Some are just that good that within a few seconds they can hack into your phone/emails whatever (Not just Runescape related) and be gone without a trace. glad everything seems okay now. quite scary how advanced some hackers are getting.
As a programmer i may say: i can access your gmail without gmail client. Just with simple SMTP commands. I can read contents of emails without flagging them as "red" and as of confirm mail that did not apper twice? he might delete it. Last activity in gmail is registred via gmail client. When i use basic SMTP functions from shell... they wont be recorded. And no i didnt hax your mails and stuff :D just a programmer :)
+zivanni Simple test: connect to your gmail via smpt: yet no activity; list inbox folder: yet no activity; get contents of last email into a variable without flagging it: gmail has still not registred any activity; i did this test via PHP.
A friend got hacked
Illuminati confirmed.
@A FriendI also had the exact same I was streaming so i was an easy target, got hacked like this identically for 6b. 2days later my friend who is also a streamer got hacked for 3b then today another guy who stakes got hacked for 1.2b.
This is a chain reaction done by the same people be careful
+Jamie “Rendual” Hey rendual its me sparze, I got hacked for the 1.2b this morning while streaming, it has something to do with them having your loggign ID and t hey are able to change passwords via something not sure what. Jagex really needs to return us the money its disgusting..
Just go stake for your money again, literally make mills with 0 effort
Hey man. I had this exact same thing about two years ago. Got logged off while training, couldn't log back in. Contacted Jagex and they reset everything for me. I still have no clue as to what happened then, but the situation sounds exactly the same as yours.
some illuminati shit. 😄
Seer's Village lodestone.
Illuminati confirmed.
10 hours of killing hackers.
HAHAHAHA "so at this point, I was like fuck." Love it
Mod reach strikes again
jagex troll a friend
and btw i like that BAYYYYY at the end
a friend i recommend you setup authenticator on phone,what you will never use for internet,wifi,mobile-data..just get any cheap phone and never never again connect it with it internet
+rs agarwaen I have authenticator on all of my accounts. It got disabled after password recovery.
+A Friend maybe the hacker works at jagex
+lake mason mod reach confirmed
+A Friend believe it or not this happened to me aswell a while back near the start of OSRS i got ranger boots off of a clue and posted it in a popular fc in celebration dont recall which one but then not even 2 hours later i got logged off i didnt think anything about it because my internet was pretty shit so i thought it was a dc and since it was late i just went to bed next day my cash boots and all valuables were gone no email no nothing and my authenticator was on yet my password was different.
thats crazy shit, good you got it back so fast though!
Haci go home, you r drunk.
So either this dude found a way to actually go through your gmail without being traced, did it through twitter like you said, or Jagex has a security problem which this dude slipped past. In any case you should probably do a Malwarebytes scan and potentially an avast boot scan just to be sure.
What is avast?
+K13Good Its a virus scanner, a pretty reliable one.
+Free to Say (TJ) My last login was almost 1 year ago to that email so unless they waited almost 1 year to check their "keylog logs" it's not the case.
I also got hacked the same way your not alone. The login system/ website is straight up broken.
***Suggestion for future video***
Crystal Mother load shards
you haven't made a video on them, I like how you commentate your videos. Any feed back???
But I wasn't so lucky started from ground up and made sure that would never happen again good luck bud I've been playing since beta and never had issues up til recently also make sure ur all security measures are in place.
It's possible to send a password request query from the home screen of runescape. Seeing as your email was never accessed, it is VERY likely that someone guessed/somehow found out both your EMAIL (but not your emails password) and your in game accounts password.
What happened is this: They found out your email, sent a password reset request in, but couldn't access your email, so they changed the password using the online account manager tools, because they somehow had access to your account.
Did you happen to get a screenshot of the latest activity on your account? Consider asking Jagex on twitter, I'm sure they can find the IP of who logged in to you.
Someone in my fc got hacked, too. Also someone's been trying to log into my gmail from like 500 miles away. That's scary!
-They send recovery request to your email from account.
-They then bruteforce the URL which looks like it would take a while but maybe only the last 9 digit id changes (and the rest depends on date/time).
-They then change password from recovery url.
That's it.
zivanni You don't bruteforce the PW, you bruteforce the URL. No limit on 404 html requests. He didn't get pinged back in his email cos he didn't click the hyperlink.
zivanni If you've tried it you're probably right. Maybe it's a linear progression or a pattern that they've figured out?
Never thought you could have been hacked, you are on the game so much and I would have thought that you have every security measure going for Runescape.
Lol this video came up in my recommended section on youtube and I thought it was a recent video. Glad to see it's not the case.. XD
This could be a vulnerability on runescape's recovery system which could override certain headers in an email (such as adding a BCC), quite common on web applications.
3:46 "this is some illuminati shit" i love your videos!! Keep it up!!
I think +G Mail is correct. Basically, to request a password reset, they only need to know the runescape login (email or username) to ask for a password reset. They probably found it out somehow. Then one that happened, their server will respond to a URL where you can reset your password. Usually there's a generated token that has to be part of the URL (That's why the password reset links are always like something.domain/shitloadofrandomcharacters). Now if you can figure out how that token is generated, the person can simply access that URL, without needing to read the email.
Now I don't know how did he figure out the algorithm for that. But most encryption algorithms have a distinguishable output. Once that's know, only the seed has to be found.
The same thing happened to me a few weeks ago. I'm a Computer Scientist and I know my shit when it comes to computers. I had two step verification on my emails and my password was changed, my Runescape account did not have two step verification at the time either because I thought my email security would have been fine. I'm the type of guy that uses virtual machines for stuff that I don't trust as well, plus I don't install loads of shit. On top of that I have good firewall, anti virus and anti malware on my computer.
I use a VPN at all times and my email account used for my Runescape account is not signed up to anything. I had the same email as you, but somehow my password was changed for anybody to sign in to my hotmail account I need to accept a notification on my phone (Which I never did). Luckily for me, my account got locked when they tried to sign in, so I never lost my items. I'm not meaning to point fingers or anything, but I do have a theory as to how it happened, two days before I got hacked I decided to install OSbuddy because everybody uses it and I have heard good things about it, two days later that happens to me. Since then I have removed it and I restored backed to a restore point on my computer, and it has not happened since.
Press F to pay respects
"This is some Illuminati shit!" Haha. Glad you secured your account though.
Don't over think it. The hacker simply sent a password reset email and then deleted that email afterwards. And about that last login was October thing, there probably is an incognito option in Gmail settings or something (idk tho, I don't use Gmail).
Twilight Zone theme playing in my head the entire video
If I was a link breaker here's how I'd do it, I'd figure out the email for your account. It's the easiest step but needs to be mentioned, next you request the change and start using a URL generator with the parameters that RS uses in the URL they send you. Coders can go into the code for URL generators and figure out what the parameters are for that site and run a brute force URL generator where it basically tries to guess that correct sequence of letters and numbers that will be sent in your link and when it's successful they've reset your password. But because of the way the URL generator works if they need confirmation after clicking the link it won't know. So what probably happened was they used a program to guess the URL of the link they'd send you and so the password was changed, but they never confirmed after clicking the link so they didn't get the second email.
Sounds like a runescape exploit. Someone found a way to get the reset link without getting from the email. please don't comment "phished". relogging and phising is when hackers gain your info, and then use it to log in and change stuff. He provided proof that there was no logging in anywhere. The password was changed between runescape and the hacker, not through a friend.
He was phished
something kinda similar just happened to me. I logged onto my main account and everything seemed normal at first(accept my obby cape was in inventory(account is not member anymore). I opened the bank and quickly realized my gp was gone. I checked my ge option because that's where most of my gp was and it was gone also. I didn't even realize when I first opened my bank it didn't ask me for my pin. I logged out then back in to see if I had any unread messages. (honestly scared at this point because I sell gp once in while and don't want to get banned) but I had none. I realized my pin has been turned off or de-activated. I check my email and theres nothing. At this point I am freaking out because no1... I mean no1 has heard my password or my pin before. I have 0 friends irl that plays runescape + I'm pretty much in the middle of nowhere. I am the only person that's ever on this computer. I am seriously in a mind fuck... I have no clue how this could have happened unless jagex has something to do with it?!
has anyone heard anything like this before? Someone would have to know my password + my bank pin then disable the pin for somereason then proceed to take just the gp in the bank, the the ge offers I had. I'm thinking this is some sort of bot or its jagex punishing me for rwt? But then again I have 0 messages on both email and account
+SirGanja RipperTon Maybe it's Jagex playing with you, you got cleared for I guess Selling gp? xDD
+Liquid Killaah yeah but you would think I would get a ban offence or a message atleast. the bank pin thing is confusing me
SirGanja RipperTon Nah you wouldn't get a ban offence. Trust me i know. It's not apart of the banning/muting system to clear people's banks. Jmods do it manually. And, there's no way in hell a bank pin is gonna be deleted in less than a few hours or whatever, I'm pretty sure you log-in daily at least every other day. If you had a entered a wrong bank pin a few times and you chose the option to remove it,it will be removed when you enter the bank pin correctly. So my point is if a hacker got your information he'd need to know the bank pin or wait 3/7 days, but that didn't happen i'm assuming, the Bank pin just got deleted, which is why i'm saying it's by a Jmod.
bank pins can be deleted almost immediately if you know it, just by talking to the banker and and entering the pin settings (after entering the correct pin) if a jmod did clear the gp on my account because I did a little rwt, then it would be great if they would let me know. Instead I'm just paranoid not knowing whats going on :S but your information did lighten me up some so thanks :D I just hope it was a jmod and not a hacker
That's some really strange stuff Dovydas.
this happened to me today too, really caught me off guard and still has me confused, thankfully I was online when the hacker changed my password and my account locked up immediately but I have no clue how they got access to my account or my email.
If you log into an email through a POP client (a 3rd party email client, not through gmail's site) then account activity won't show up in gmail. That's how they accessed it without you knowing. As for how they got your password who knows, might have been the same as another site you were registered on which had the database hacked.
Something like this wouldve worked back a long time ago. When an email wasnt necessary for your RS account
3:20 good on you putting 2step verifcation via pass/authenticator :)
This has happened to be several times recently, I get random pass resets to my email and get DC from game.
Support said no one else than me had logged into my account even tho the pass was changed.
It's some new meta hacking that Jagex don't have a clue about.
Same thing happened to me a while back, took me 6 months to get the account back. Now I just 2-step everything possible. I'd 2-step the 2-step if I could.
I love how you explained that people should hack paypal accounts first not runescape haha that just made me chuckle =P
The same happened to me around a month ago, I had authenticator enabled and my email was definitely not compromised. no password request was even sent.
literally logged on one day and said my password was incorrect and jagex would not let me recover as apparently the person provided details of original ownership even tho I created my account, reddit, twitter and Facebook was of no help to recover so now I am without an account
The same thing happened to me a few years ago. The only difference was that it claimed my email was changed, even though multiple messages to Jagex confirmed that it hadnt.
Short story long, its just that Jagex servers dun goofed
I had almost the exact same situation in early 2014. Got hacked, email showed no records of anyone else logging in, Jagex support claimed the password was reset using the email link
and I'm not even a famous runescaper
This happened to one of my friends (who lost upwards to 3b)
and it was the same situation, where his email got hacked and his account was tampered with.
Is there something going on at jagex where people are starting to exploit security bugs?
+WigglingWaffles you said your friends account got hacked. That means it was his fault.
Same thing happend to me. Same day. Lost 2.7B and all ports armour. Quit playing after around 11 years of playing the game.
:(
shit game anyway
+I Still Hate Sheeps how about you stop whining and do something with your life?
RS community in a nutshell here boys. Kek. Do something with my life? I have been. Ever heard of leisure time? Probably not, as I assume you're a 16 year old little brat with nothing better to do then game-out and talk shit on the internet
Okay, lots of theories out there. Let me, as a computer scientist, tell you what I think happened.
Believe it or not, its entirely possible to intercept emails. What the hacker probably did was find your email address, have the new password sent, and then they intercepted that email as it was going to google (or maybe it was pulled out of one of google's networks), and then they just used the password reset link.
They didn't have to log into your email account. It is very possible, and actually pretty easy if you know how, to intercept things like emails. The only safeguard against that is encryption, and google doesn't use the best encryption techniques when it comes to emails, Jagex to an even lesser extent.
Ever heard about socks5?
It allows you to backconnect to any server via other persons IP thus bypassing any security mechanisms in place.
Something very similar to this happened to me about 2 months ago. The difference was that they accessed my pc by hacking my teamviewer. They then proceeded to access my email and reset my RS password and cleaned out my bank. My email and RS was the only websites they had accessed. Also the email that was sent to my gmail saying reset they had deleted and then cleared my trash folder so I wouldn't notice. This may be what happened with you on the email side of things. This hacker was only interested in my RS account. Had no interest in seeing if I had saved passwords to my banking or my paypal (which I do not)
+Fizban610 Also was able to remove my authenticator due to only needing email access to do so. That should not be so easily removed.
Are you sure if they don't have full Access to your Computer? And how did you know that what Ip was logged in on your Gmail?
It could be, that you got a Trojan on your computer. He logged you off of Runescape and then led you to a site that was LOOKING like runescape, but wasn't (or the input was changed or whatever...). Before that the hacker sent a request to change your password. So now when you access your Gmail, the Trojan knows your Gmail login and password. At this point he probably changed the password and deleted all unnecessary mails.
What I am trying to say is, that there could still be that same Trojan on your PC and do the same thing again, just that now after this video the hacker knows, how you would react.
At leats you have your main acc that's very good
You can delete the confirmation e-mail and then mark the other one requesting the password change to "unread." However, the only thing standing out was the last time you had logged in.
probably the damn loch ness monster trying to get tree fiddy
"Illuminati shit" Quick everyone find the triangles the freaking triangles man!!
You can actually read e-mail by not actually opening it.
It's in the "Labs"(experimental) part of the Gmail. At least that's what it was called like 2+ years ago.
So basically, your email and runescape account were both hacked. The emails that confirmed your password reset was permanently deleted from the trash bin, the guy used a Reverse SSL proxy that made it so that it showed up as your device being used to access the email account. Also, you can get by without clicking on the email for the password reset link by just looking through the source codes from the web browser so it still showed up as "New" when you logged in.
I think the obvious answer to this is that they changed the password, then deleted the two messages sent to your Gmail and sent a second request to change your password that they didn't open in your Gmail. I couldn't think of any other answer so long as this wasn't some sort of glitch.
my guess is that they somehow accessed your gmail account indirectly, sort of like wire tapping for phones. so basically they request a password reset and see the link come in without actually logging into the email, then use it. it gets weird though again when there's no confirmation email. he would have had to somehow delete the confirmation email once again without getting into the account and maybe just hope that the reset request just looked like someone who failed in hacking your email.
idk definitely "some illuminati shit" like you said.
have you checked all of your other folders like trash/spam/junk?
Might be irrelevant, but didn't the osbuddy add on have a bunch of accounts leaked/stolen within the last year?
Very weird. Think it happened within the Jagex servers? Btw to the people saying hacking Paypal is jail time, that is not an international law.
I have done that before, I don't know about the no logs on GMAIL or something.
But as of no email showing up. Since they had access to your gmail they could of easily deleted the email(s) so you wouldn't notice.
Damn, really sounds like someone inside jagex or with help from jagex got your account for that time, hope all is well.
I had a very similar experience recently, and even weirder yet, it was done with a gmail account I actually deleted about 3 years ago.
"This is some illuminati shit" lolol
I got my Runescape account hacked once. They stole my Email first and then took RS account. Got RS account back with security questions and in game lost only zaryte bow and ranged armor i was using, thanks for bank pin. Had to make new email and change all information where i used old email. I had nothing important in stolen email, so nothing bad happened.
"This is some illuminati shit" pz iskart plysau zvengt :D
Same thing happened to me yesterday shame i wasn't as lucky as you =/
I actually got hacked this same way, but I ended up losing over 200m in goods and cash. Posted on forums and such trying to get jmods or somone to look into the trades that took place, but nothing was done. So gg me lol. Just added 2 step verification, changed all passes, and learned a lesson.
Someone must've figured a way to predict what links are sent in regards to resetting passwords. It's possible now someone is able to predict or has a machine that can predict the links Jagex sends to the email for resetting it. Sounds kindof bizarre, but anything is possible.
What if the hacker figured out some way to guess or determine the url included in the password reset email? This would almost account for the events that transpired, only it is strange that you didn't get an email that it had been reset. I suspect this is a problem with Jagex's security features, which allowed the hacker to reset your password without triggering that email.
They marked the e-mail as unread after they read it, deleted the "Your password has been reset" e-mail, then emptied the e-mail trash.